Some basic network architecture issues…
In my almost 30 years of networking, I have found the following network issues consistently when onboarding new customers:
- Blocking switches – A blocking switch is generally a lower-end (cheap) switch that does not have the switching fabric to send data concurrently across all ports at full port capacity.
- Core switch is only Layer 2 – Most inexperienced network guys do a poor job of network architecture; they use the firewalls (the ingress/egress point for connectivity) as the router for the internal network. A core switch should be an appropriate Layer 3 device, switching and routing IP traffic for all networks. This design lets all internal traffic route internally and leaves the firewall to be the traffic cop for ingress/egress traffic (what it was designed for). It also makes for a more robust and resilient system.
- Non-managed switches – There is no place in any business system for a non-managed switch. There are basic features all switches should have: visibility into port statistics (errors, throughput, speed, duplex, etc.), SNMP, Spanning-Tree, logs, NTP, LLDP/CDP. Without these basic features, network engineers cannot solve issues efficiently.
- Time set on network equipment – Network Time Protocol (NTP) must be set from the same consistent source on all equipment so that log times line up when we view them.
- Low-end WiFi – SMB customers generally have very bad WiFi and little control over the systems. WiFi should be integrated with a RADIUS server or LDAP to an Active Directory server. Security is not very robust on low-end WiFi systems.
OK, I feel better now that I have vented. There are obviously more than the above issues, but it is a good start to ask your vendor these questions. Good architecture pertains to everyone.
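One way to check the managed-switch baseline and the single-NTP-source point from the list above across a set of saved switch configs. This is an added example, not code from the original post; the Cisco IOS-style config syntax, the hostnames and the addresses are assumptions, since the post names no vendor.

```python
import re

# Baseline from the list above, keyed to the config line that enables each
# feature. Cisco IOS-style syntax is an assumption; the page names no vendor.
# Features left at a default that never appears in the config are not modelled.
BASELINE = {
    "snmp": r"snmp-server\s+\S+",
    "spanning-tree": r"spanning-tree mode\s+\S+",
    "logging": r"logging (host\s+)?\d+\.\d+\.\d+\.\d+",
    "ntp": r"ntp server\s+\S+",
    "lldp/cdp": r"(lldp|cdp) run",
}

def audit_switch(config):
    """Return the missing baseline features and the NTP servers of one config."""
    lines = [ln.strip() for ln in config.splitlines()]
    missing = [name for name, pat in BASELINE.items()
               if not any(re.match(pat, ln) for ln in lines)]
    ntp = sorted(m.group(1) for ln in lines
                 if (m := re.match(r"ntp server\s+(\S+)", ln)))
    return {"missing": missing, "ntp_servers": ntp}

def audit_fleet(configs):
    """Audit every device; flag any whose NTP sources differ from the majority."""
    reports = {host: audit_switch(cfg) for host, cfg in configs.items()}
    sources = [tuple(r["ntp_servers"]) for r in reports.values() if r["ntp_servers"]]
    common = max(sorted(set(sources)), key=sources.count) if sources else ()
    for r in reports.values():
        r["ntp_consistent"] = bool(common) and tuple(r["ntp_servers"]) == common
    return reports

# Constructed sample configs (hostnames and addresses are made up).
GOOD = ("spanning-tree mode rapid-pvst\nsnmp-server group NETOPS v3 priv\n"
        "logging host 10.0.0.20\nntp server 10.0.0.10\n")
SAMPLE = {
    "core1": "hostname core1\n" + GOOD + "lldp run\n",
    "access1": "hostname access1\n" + GOOD,
    "access2": "hostname access2\nspanning-tree mode rapid-pvst\n"
               "ntp server 192.0.2.123\nlldp run\n",
}

if __name__ == "__main__":
    for host, report in audit_fleet(SAMPLE).items():
        print(host, report)
```

A device with no `ntp server` line is reported both as missing NTP and as inconsistent, so it cannot pass by omission.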